ASN.1: Cryptographic files

1 ASN.1: Cryptographic files
Zdeněk Říha

2 ASN.1 Grammar
To understand the structure (the meaning of particular fields) we need the ASN.1 grammar.

3 ASN.1 – RSA keys
Source: PKCS#1. File: RSA.key

4 ASN.1 – RSA padding PKCS#1 v1.5
m = 0x00 || 0x01 || 0xFF … 0xFF || 0x00 || T
Where T is defined as DER encoding of
In practice:
Source: PKCS#1

5 ASN.1 – RSA signature
RSA signature is the number s = m^d mod n
File: TSA.crt

6 ASN.1 – signature OIDs
Source: BSI TR Part 5.1

7 ASN.1 – RSA PSS params
Source: PKCS#1. RSASSA-PSS, SHA256, MGF1 SHA256. File: CSCA_CZE.crt

8 ASN.1 – DSA keys
Source: RFC 5480. DSAPrivateKey is an INTEGER, usually denoted as X. Source: OpenSSL. File: DSA.key

9 ASN.1 – DSA signature
Source: RFC 5480. File: DSA.crt

10 ASN.1 – DSA - OIDs
Source: RFC 5480

11 ASN.1 – ECDSA keys
INTEGER, ECPoint. Source: RFC 5915

12 ASN.1 - ECDSA public key
File: CSCA_Switzerland.crt

13 ASN.1 – ECDSA signatures
Source: RFC 5480. ecdsa-with-SHA1. File: CSCA_Switzerland.crt

14 ASN.1 – ECDSA signature OID
Source: BSI TR Part 5.1

15 ASN.1 - certificates
Source: RFC 5280

16 ASN.1 – certificates - pubkey
Source: RFC 5280. File: CSCA_CZE.crt

17 ASN.1 – certificates - times
Source: RFC 5280
Until 2049: UTCTime YYMMDDHHMMSSZ
From 2050: GeneralizedTime YYYYMMDDHHMMSSZ
File: CSCA_CZE.crt
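
The two encodings on this slide can be exercised with a small DER encoder/decoder. This is an added example, not part of the original presentation: the function names and sample dates are constructed for illustration, and the two-digit-year pivot (YY of 50 or more means 19YY) is the RFC 5280 rule.

```python
from datetime import datetime, timezone

UTC_TIME = 0x17          # ASN.1 universal tag 23, YYMMDDHHMMSSZ
GENERALIZED_TIME = 0x18  # ASN.1 universal tag 24, YYYYMMDDHHMMSSZ


def encode_time(dt: datetime) -> bytes:
    """DER-encode a certificate date, choosing the type by year (RFC 5280)."""
    if dt.tzinfo is None:
        raise ValueError("timezone-aware datetime required")
    dt = dt.astimezone(timezone.utc)
    rest = dt.strftime("%m%d%H%M%S") + "Z"
    if 1950 <= dt.year <= 2049:
        tag, text = UTC_TIME, f"{dt.year % 100:02d}{rest}"
    else:
        tag, text = GENERALIZED_TIME, f"{dt.year:04d}{rest}"
    body = text.encode("ascii")
    return bytes([tag, len(body)]) + body  # short-form length: body is < 128 bytes


def decode_time(der: bytes) -> datetime:
    """Parse one DER Time TLV, accepting only the two fixed-width forms."""
    if len(der) < 2 or der[1] != len(der) - 2:
        raise ValueError("length octet does not match content")
    tag, body = der[0], der[2:]
    expected = {UTC_TIME: 13, GENERALIZED_TIME: 15}.get(tag)
    if expected is None or len(body) != expected:
        raise ValueError("not a UTCTime/GeneralizedTime of the required width")
    if not (body[:-1].isdigit() and body.endswith(b"Z")):
        raise ValueError("offsets, fractions and missing seconds are not allowed")
    text = body[:-1].decode("ascii")
    if tag == UTC_TIME:
        # Two-digit year pivot: 50..99 -> 19YY, 00..49 -> 20YY
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


if __name__ == "__main__":
    # Constructed sample dates on both sides of the 2049/2050 boundary
    for sample in (datetime(2049, 12, 31, 23, 59, 59, tzinfo=timezone.utc),
                   datetime(2050, 1, 1, tzinfo=timezone.utc)):
        der = encode_time(sample)
        print(der.hex(), "->", decode_time(der).isoformat())
```

A validator that silently accepts time-zone offsets or a missing seconds field can disagree with other implementations about when a certificate expires, which is why the decoder rejects everything except the two fixed-width forms.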

18 ASN.1 – certificates - names
Source: RFC 5280

19 ASN.1 – certificate - names
File: CSCA_CZE.crt

20 ASN.1 – certificate - names
Source: ITU-T X.520

21 ASN.1 – certificate - names
Source: ITU-T X.520

22 Certificate profiles
For particular areas/purposes there exist certificate profiles which prescribe what kind of attributes will be used in Names.
E.g. for electronic passports ICAO Doc states:
Source: ICAO Doc. 9303

23 ASN.1 – certificates – v3
Critical vs. non-critical extensions
Source: RFC 5280

24 ASN.1 – certs – extensions
File: CSCA_CZE.crt

25 X509v3 cert extensions: Authority Key Identifier
Identification of the issuing CA. Non-critical. Similarly “Subject Key Identifier”. Source: RFC 5280

26 X509v3 cert extensions: Key Usage
Restrictions of the use of the key. Source: RFC 5280

27 X509v3 cert extensions: Extended Key Usage
Purposes of the certified key. Source: RFC 5280

28 X509v3 cert extensions: Certificate Policies
Policy relevant for the issue and use of the certificate. Preferably only an OID. Source: RFC 5280

29 X509v3 cert extensions: Subject Alternative Name, Issuer Alternative Name
“Internet style identities”: DNS name, IP address, URL. Must be verified by CA.

30 X509v3 cert extensions: Basic Constraints
Is Subject a CA? Max. length/depth of the certificate chain/path. A pathLenConstraint of zero indicates that no non-self-issued intermediate CA certificates may follow in a valid certification path. Source: RFC 5280

31 X509v3 cert extensions: Name Constraints
Only for CA certificates. “indicates a name space within which all subject names in subsequent certificates in a certification path MUST be located” Source: RFC 5280

32 X509v3 cert extensions: Policy Constraints
Must be critical. For CA certificates. Constrains path validation: prohibit policy mapping (or) require acceptable policy OID in each certificate. Source: RFC 5280

33 X509v3 cert extensions: CRL Distribution Points
How to obtain CRL. Source: RFC 5280

34 ASN.1 – certificate request
Source: RFC 5280

35 ASN.1 - CRL
Source: RFC 5280

36 ASN.1 – PKCS#7 / CMS
Source: RFC 5652

37 ASN.1 - PKCS#7 / CMS
Source: RFC 5652

38 PKCS#7 Sample
File: France.p7s

39 ASN.1 – PKCS#8
Source: PKCS#8

